3221 matches found
CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...
CVE-2025-69210
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting XSS vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
n8n 跨站脚本漏洞
n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in versions prior to n8n 1.114.0 that stems from the Respond to Webhook node not being properly sandboxed when processing HTML content, which could lead to an attacker with workflow creati...
EUVD-2023-60238
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title...
CVE-2025-66500
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66500
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66500
CVE-2025-66500 describes a stored XSS in Foxit’s webplugins.foxit.com where a postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, enabling arbitrary JavaScript execution when a crafted postMessage is received. The description is consisten...
CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
PT-2025-52428
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNet.Mvc5.Libraries is an assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...
CVE-2023-53938
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
EUVD-2023-60192
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers...
Cross-site Scripting (XSS)
Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...
PT-2025-51288
Name of the Vulnerable Software and Affected Versions Jorani version 1.0.3 Description The software contains a reflected cross-site scripting issue in the language parameter. An attacker can inject malicious scripts by crafting XSS payloads within this parameter, potentially enabling the executio...
PT-2025-51298
Name of the Vulnerable Software and Affected Versions Lucee version 5.4.2.17 Description An authenticated attacker can inject malicious scripts through parameters in the administrative interface. This allows for the execution of arbitrary JavaScript in a victim’s browser session via crafted...
EUVD-2025-203110
Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...
PT-2025-50977
Name of the Vulnerable Software and Affected Versions Lightning Flow Scanner versions 6.10.5 and below Description Lightning Flow Scanner, a CLI plugin, VS Code Extension, and GitHub Action for Salesforce Flow analysis and optimization, is affected by an issue where maliciously crafted flow...
lightning-flow-scanner 代码注入漏洞
lightning-flow-scanner is an open source command line automation plugin for Lightning Flow Scanner. A code injection vulnerability exists in lightning-flow-scanner version 6.10.5 and earlier, which stems from a maliciously constructed flow metadata file that could lead to arbitrary JavaScript...